Reporting Elementum security issues.

If you’ve found a security issue, thank you! We appreciate your help. This page describes how we handle security issues and how to best contact us.

How Elementum approaches security issues.

First we want to make it clear: Elementum SCM Inc, will not take any legal or intimidatory action for reporting security vulnerabilities. We do ask, however, to be responsible and avoid destroying, tampering or doing any action that might hamper the service or disclose private information of others.

We take security seriously, and we will make an effort to respond as fast as possible.

We will start working on reproducing the issue and will contact you if we need additional information to help us do so. We don't require require a proof of concept exploit or any proof of exploitability, but any information you can share up front is helpful.

We know and understand that it is important to you that the issue is addressed promptly. It's important for us too. Once we confirm and triage the issue, we'll come up with a plan and let you know our expected timeline. We try to respond to issues within a few hours. Some issues, of course, might take longer.

Once the issue is fixed, we'll deploy the patch.

Public Disclosure

While we evaluate and fix the issue, we respectfully ask that you hold off on publicly announcing any details until we can roll out a patch.

Depending on the severity of the issue, we usually wait 10 business days before contacting our stakeholders about the vulnerability in order to give all involved parties the opportunity to patch.

Bounties and Rewards

While we appreciate your help in disclosing potential issues in a responsible manner, at this time we don't offer cash prizes or rewards.

Elementum is the company behind the first cloud-native supply chain automation platform. In an age where instant gratification is the new norm and customer expectations are continuing to grow exponentially, successful operations need to adapt faster than ever to unplanned exceptions. Elementum’s platform centralizes information and communication to drive rapid resolution of incidents, enable cross-ecosystem execution, and ensure products are available at the right time, place, quantity, and cost.